Jump to content

are $_session invulnerable to sql injections?


champoi

Recommended Posts

$_SESSION only stores data for you.  If you take data from a user that contains an sql injection, store it in $_SESSION then take it out, then you are still at risk.

 

But if you take data from the user (from $_POST for example), sanitize it, then store it in $_SESSION, then it is now safe data.

 

So $_SESSION basically has no effect on safety of variables, since session data is set by you, not by the user.  The thing to check is whether the data you put in $_SESSION originated from $_POST or $_GET (or $_REQUEST or $_COOKIE)

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.